Graham
Hi all
I work at a school with XP workstations and a Windows 2000 DC.
I use a combination of group policy and a mandatory profile saved on the DC
to try and tighten security.
One of the workstations in the library staffroom is running a catalogue
program that is shared and accessible through a shortcut in the students'
mandatory profile "Desktop Folder".
The library workstation has had its HDD permissions set to only allow
students access to the catalogue share.
Here's the problem.
When a user logs on to a workstation, the shortcut to the library
machine is present.
The user can right mouse click on the shortcut, select Properties, select
"Find Target" and has a listing of the contents of the share (no problem,
because they can't delete, only read).
But if they use the UP icon to travel back a dir, they get a listing of the
shares on the machine (not the dir one level up). If they use the UP again
they get the whole network machines listed,
including the DCs. From there they can look for any open share that hasn't
been properly protected (I hope they all have). But they can get to the
NETLOGON share in the DC etc.
I try to stop this by using policies etc. but can't find a reference to stop
this sort of navigation. (It would be easy if I could disable the Properties
button on a right mouse click.)
Can anybody please help me in closing this hole or point me to a link that
will help?
Thank you
Graham Flear